This is an update on my ongoing series on web service client authorization ([1], [2]): exciting times ahead!
To reiterate: there are more and more sites appearing that provide means to connect to them to read and manipulate data you have stored on their servers via web service APIs. This enables the creation of third-party applications and services that build upon these sites and enhance their services. E.g., there is an iPhoto plugin for Flickr, lots of alternative interfaces to your del.icio.us bookmarks, etc.
The problem: nearly every one of these services requires you to give up your username and password to connect to these services. I've outlined in the two articles referenced above why this is a bad tendency, and why we need alternative mechanisms to authenticate third-party services when they connect to your user account.
Earlier today I posted a comment on an article by Pascal Van Hecke which touched upon this topic. I have just received a mail from him where he points me to an ongoing discussion on the del.icio.us mailing list about "remote application authorization", ignited by Joshua Schachter's announcement that he will be implementing such a token-based scheme for del.icio.us. Josh starts off with a short description of what he's trying to accomplish, and it's looking great.
This means we will finally be able to safely use other people's services and software tools to get more value from our del.icio.us accounts, but we don't have to reveal passwords to strangers, and we might even be presented with a way to revoke access rights as well. Because it's del.icio.us, I'm confident that other service providers will adopt similar schemes soon; or as I wrote in the comments to Pascal's article: "Joshua, I love it that you are the first to do it, because you have the freedom to do it right, and the exposure and popularity to motivate others to follow suit." Yay for small teams!
(update: I was traveling when I first posted this, so this post may seem a bit sketchy. I've now edited it a bit to make it more clear what I'm writing about.)
Comments
Comments are closed. You can contact me instead.